Albert: A Smart Solution for Network Monitoring

The world of network monitoring can seem intimidating at first. A variety of products on the market promise to detect, alert on, and mitigate cyber threats against your IT infrastructure. Albert is a passive IDS offered by CIS as an effective, low-cost network monitoring service in which malicious activity is detected by matching inspected traffic against threat signatures.

Albert leverages Suricata’s high-performance, signature-based IDS (Intrusion Detection System) engine to accurately identify and report malicious activity.

Threat signatures

Albert compares inspected network traffic against tens of thousands of threat signatures, and then sends alerts back to CIS’ 24×7 Security Operations Center (SOC) for analysis when there is a match.

Albert’s signature set includes commercial and open-source signatures as well as signatures related to Advanced Persistent Threat (APT) actors. Albert also monitors raw network packets and converts that data into NetFlow format for efficient storage and analysis.

CIS develops custom threat signatures specific to U.S. State, Local, Tribal, and Territorial (SLTT) governments based on advanced threat analysis, our CERT forensic cases, and member-submitted and third-party threat data. Signatures are updated and distributed to every Albert sensor daily to ensure organizations receive the latest security monitoring.

When a threat is detected

When a potential threat is identified, Albert generates an alert which is sent to CIS’ 24×7 SOC. A SOC analyst reviews and validates the alert for malicious activity and notifies the affected organization. Here’s how it works:


Event notifications from the SOC include:

  • System(s) affected
  • Identified issue
  • Mitigation recommendations
  • Traffic associated with the event
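To make the signature-matching step and the alert fields concrete, here is an added Python example (not CIS or Suricata code) that parses two constructed rules written in a simplified Suricata-like syntax, matches them against constructed packet records, and emits the alert fields listed above that a sensor can fill in by itself: the affected system, the identified issue, and the associated traffic. The mitigation recommendation is left out because, as the page describes, it comes from the SOC analyst's review. The `HOME_NET` prefix, the rule text, the SIDs and the packet records are all constructed for illustration; real Suricata rules support far richer matching (hex content, `pcre`, `flowbits`, and so on) than this toy parser handles.

```python
"""Toy signature-based matcher, written to illustrate how an IDS such as Albert
turns a rule match into an alert. Not production code; syntax is a small subset
of Suricata's, and every rule, address and packet below is constructed."""
import re
from dataclasses import dataclass

# Constructed: addresses with this prefix are treated as the monitored network.
HOME_NET = "10.0.0."


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str
    content: bytes
    sid: int


_HEADER = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$"
)


def parse_rule(line: str) -> Rule:
    """Parse 'action proto src sport -> dst dport (key:value; ...)' into a Rule."""
    m = _HEADER.match(line.strip())
    if not m:
        raise ValueError(f"unparseable rule: {line!r}")
    opts = {}
    for opt in m.group("opts").split(";"):
        opt = opt.strip()
        if not opt:
            continue
        key, _, val = opt.partition(":")
        opts[key.strip()] = val.strip().strip('"')
    return Rule(
        action=m.group("action"), proto=m.group("proto").lower(),
        src=m.group("src"), sport=m.group("sport"),
        dst=m.group("dst"), dport=m.group("dport"),
        msg=opts["msg"], content=opts["content"].encode(), sid=int(opts["sid"]),
    )


def _addr_matches(pattern: str, ip: str) -> bool:
    if pattern == "any":
        return True
    if pattern == "$HOME_NET":
        return ip.startswith(HOME_NET)
    if pattern == "$EXTERNAL_NET":
        return not ip.startswith(HOME_NET)
    return pattern == ip


def _port_matches(pattern: str, port: int) -> bool:
    return pattern == "any" or int(pattern) == port


def match(rule: Rule, pkt: dict) -> bool:
    """A packet matches when protocol, both endpoints and the content pattern all agree."""
    return (rule.proto == pkt["proto"]
            and _addr_matches(rule.src, pkt["src"]) and _port_matches(rule.sport, pkt["sport"])
            and _addr_matches(rule.dst, pkt["dst"]) and _port_matches(rule.dport, pkt["dport"])
            and rule.content in pkt["payload"])


def inspect(rules, packets):
    """Return one alert record per (packet, rule) match with the fields a SOC notification carries."""
    alerts = []
    for pkt in packets:
        for rule in rules:
            if match(rule, pkt):
                # The affected system is whichever endpoint sits inside the monitored network.
                internal = pkt["dst"] if pkt["dst"].startswith(HOME_NET) else pkt["src"]
                alerts.append({
                    "sid": rule.sid,
                    "issue": rule.msg,
                    "system_affected": internal,
                    "traffic": f'{pkt["proto"]} {pkt["src"]}:{pkt["sport"]} -> {pkt["dst"]}:{pkt["dport"]}',
                })
    return alerts


# Constructed rules; the SIDs and messages are placeholders, not real signature IDs.
RULES = [parse_rule(r) for r in [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE suspicious user-agent"; content:"User-Agent: evil-scanner"; sid:9000001; rev:1;)',
    'alert tcp $HOME_NET any -> $EXTERNAL_NET 8443 (msg:"EXAMPLE beacon check-in"; content:"/beacon?id="; sid:9000002; rev:1;)',
]]

# Constructed packet records (documentation-range IPs); the third one is benign.
PACKETS = [
    {"proto": "tcp", "src": "203.0.113.5", "sport": 51000, "dst": "10.0.0.20", "dport": 80,
     "payload": b"GET / HTTP/1.1\r\nUser-Agent: evil-scanner\r\n\r\n"},
    {"proto": "tcp", "src": "10.0.0.31", "sport": 44123, "dst": "198.51.100.9", "dport": 8443,
     "payload": b"GET /beacon?id=abc HTTP/1.1\r\n"},
    {"proto": "tcp", "src": "10.0.0.31", "sport": 44124, "dst": "198.51.100.9", "dport": 443,
     "payload": b"GET /index.html HTTP/1.1\r\n"},
]

if __name__ == "__main__":
    for alert in inspect(RULES, PACKETS):
        print(alert)
```

Running the block prints two alert records, one per matching packet; the benign third packet produces nothing because neither its destination port nor its payload satisfies a rule. The point of the structure is that a match only ever yields the machine-derivable fields; turning those into a validated notification with mitigation guidance is the analyst's job.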

24×7 SOC for assistance, updates, and more

The SOC has a 24×7 hotline for answering questions or querying NetFlow data. Organizations using Albert also receive a monthly report, which includes details about actionable alerts, ticket information, a review of the volume of traffic monitored, and more.

CIS manages every Albert sensor, including updates to the operating system, engine, NetFlow tools, and signature sets.

The Albert network monitoring solution is available to U.S. State, Local, Tribal, and Territorial (SLTT) entities, including public universities, utilities, school districts, and emergency response services.